Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2015-5952

    Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.

    Affected Products : fatca
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2015-5951

    A file upload issue exists in the specid parameter in Thomson Reuters FATCA before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

    Affected Products : fatca
    • Published: Jan. 06, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-5745

    Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

    Affected Products : fedora qemu eos
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-5741

    The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

    Affected Products : enterprise_linux go openstack
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-5725

    SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.

    Affected Products : codeigniter
    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-5694

    Designate does not enforce the DNS protocol limit concerning record set sizes.

    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-5686

    Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.

    Affected Products : puppet_enterprise
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-5684

    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Note...

    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-5674

    The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failur...

    Affected Products : freebsd
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-5628

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earl...

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-5627

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earl...

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-5626

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earl...

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-5617

    SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.

    Affected Products : webpublisher_cms
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2015-5606

    Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request.

    Affected Products : vordel_xml_gateway
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2015-5601

    edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

    Affected Products : edx-platform
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2015-5595

    Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-5593

    The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>",...

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2015-5592

    Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2015-5591

    SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands.

    Affected Products : zenphoto
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2015-5524

    An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).

    Affected Products : android
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results